CVE-2024-13959: Link Following Local Privilege Escalation Vulnerability in AVG TuneUp 24.2.16593.9844
First published: Fri May 09 2025(Updated: )
Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging the service to delete a directory
Credit: security@nortonlifelock.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AVG TuneUp |
Remedy
An upgrade was released on 11.12.2024 in version AVG TuneUp 24.3.17165.10564, upgrade to this or later version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-13959?
CVE-2024-13959 is considered to be a high-severity local privilege escalation vulnerability.
How do I fix CVE-2024-13959?
To fix CVE-2024-13959, update AVG TuneUp to the latest version available from the vendor.
Who is affected by CVE-2024-13959?
CVE-2024-13959 affects users of AVG TuneUp version 24.2.16593.9844 on Windows.
What type of vulnerability is CVE-2024-13959?
CVE-2024-13959 is a local privilege escalation vulnerability that allows attackers to execute arbitrary code.
How does CVE-2024-13959 work?
CVE-2024-13959 works by allowing an attacker to create a symbolic link that exploits the AVG TuneUp service to gain SYSTEM-level privileges.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/remedy
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/avg
- canonical/avg tuneup